Skip to main content

Ransomware attack on Planned Parenthood LA exposes info for 400,000 patients

Ransomware attack on Planned Parenthood LA exposes info for 400,000 patients


Hackers got a hold of addresses, dates of birth, and ‘clinical information’

Share this story

Illustration by Alex Castro / The Verge

Hackers were able to access files containing personal information for hundreds of thousands of Planned Parenthood Los Angeles patients with a ransomware attack that occurred in October, according to a report by The Washington Post. A letter sent to affected patients by Planned Parenthood explained that the files contained patients’ names and “one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

Planned Parenthood says the ransomware was installed on its network some time between October 9th and October 17th. On the 17th, the organization noticed the intrusion, took its systems offline, and contacted law enforcement and cybersecurity investigators. By early November, it had determined what the hackers had access to but is still in the dark about the attack’s perpetrator, according to CNN.

Planned Parenthood is still investigating the hack

A spokesperson for Planned Parenthood LA told The Washington Post that it didn’t seem like the information had been “used for fraudulent purposes” and told CNN that it didn’t appear to be a targeted attack. But the data could be valuable if hackers choose to sell it, given its extremely sensitive nature — Planned Parenthood not only provides abortions but birth control, STD testing, and hormone therapy for trans patients, along with a host of other medical services. According to CNN, the data was limited to Planned Parenthood Los Angeles.

The cyberattack and data leak come at a time when abortion rights are especially fraught in the US. The Supreme Court is currently considering a case to determine the legality of a Mississippi law that bans abortions 15 weeks into pregnancy (as opposed to the 23 weeks set by Roe v. Wade), and earlier this year Texas made it illegal to get an abortion after just six weeks of pregnancy. Texas’ law means that abortions won’t be a legal option by the time most people find out they’re pregnant.

This incident blends rising tensions regarding abortion, privacy, and ransomware

Ransomware attacks have also been a major issue this year, with the US Treasury reporting that payouts from the attacks could be on track to top a billion dollars for 2021 alone. CNN says a spokesperson for Planned Parenthood LA didn’t answer questions about whether there was a ransom demand made in this case.